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DETAILED ACTION 

1. Applicant's amendment filed on April 3, 2007 has been entered. Claims 1-6, 8- 
13, 15 and 16 are pending. Claims 7, 14 and 17 are canceled by the applicant and 
claims 1-5, 8-12, 15 and 16 are also amended by the applicant. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-3, 9 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Vairavan (US Pub. No. 2002/0083344) in view of Chopra et al (US Patent No. 
6,631 ,466) in view of Hui et al (US Pub. No. 2004/0010712) and in view of Canion et al 
(US Patent No. 2002/01 08059). 

As per claim 1 , Vairavan discloses: 

at least one wide area network (WAN); at least one local area network (LAN) [Fig. 1, 
paragraph 0047, 0048]; and an integrated firewall/VPN chipset configured to send and 
receive data packets between said WAN and said LAN [Fig. 1, component 110]. 
Further, Vairavan teaches filtering techniques within different firewall layers [paragraph 
0086, 0087 - i.e. a firewall, comprising multiple layers], a first layer including a header 
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match packet filtering engine, a second layer including a content match packet filtering 
engine configured to analyze the scope of at least one data packet [paragraph 0074, 
0086, 0088, 0137 lines 1-3]. 

Chopra teaches a header match packet filtering to provide pattern matching in selected 
headers of data [Fig. 3a, 4a, col. 4 lines 48-53, col. 7 lines 24-45]. 
Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Chopra with Vairavan, since one would have been 
motivated to provide greater flexibility for packet filtering [Chopra, col. 1 lines 62-63]. 
Hui teaches a firewall which provides packet filtering function along with application 
proxy function (i.e. a third layer), a third layer including at lest one application proxy 
configured to provide additional pattern matching [paragraph 0220]. Further, Hui 
teaches a listening table which stores a TCP/UDP connection setup [paragraph 0070, 
0149] and to forward the setup progress to a central processing unit (CPU) for tracking 
[paragraph 0070,0084,0090,105]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Hui with Vairavan and Chopra, since one would 
have been motivated to improve speed/security for firewall and speed for VPN [Hui, 
paragraph 0009]. 

Canion teaches a fourth layer including a session match engine configured to store a 
TCP/UDP connection setup and to forward the setup progress to a central processing 
unit (CPU) for tracking [paragraph 0067, 0068,0072]. 
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Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Canion with Vairavan, Chopra and Hui, since one 
would have been motivated to examine the packet for security violation to distinguish 
real requests from attack based requests [Canion, paragraph 0009]. 
Further, Vairavan discloses: 

a VPN configured to provide security functions for data between said LAN and said 
WAN, wherein said security functions are selected from the group consisting of 
encryption, decryption, encapsulation, and decapsulation of said data packets 
[paragraph 0109, 0112]. 

As per claim 2 , the rejection of claim 1 is incorporated and Vairavan discloses: 

said chipset further comprises a router adapted to route data between said WAN and 

said LAN [Fig. 1, 2, paragraph 0058, 0122, 0139 lines 1-4]. 

As per claim 3 , the rejection of claim 1 is incorporated and Vairavan teaches said 
firewall is configured to provide static and/or dynamic data packet filtering (i.e. based on 
filtering rules/policy) [paragraph 0074]. 

As per claim 9 , it encompasses limitations that are similar to limitations of claims 1 and 
2. Thus, it is rejected with the same rationale applied against claims 1 and 2 above. 
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As per claim 10 , the rejection of claim 9 is incorporated and it encompasses limitations 
that are similar to limitations of claim 3. Thus, it is rejected for the same reason set forth 
in the rejection of claim 3 above. 

*. 

3. Claims 4 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Vairavan (US Pub. No. 2002/0083344) in view of Chopra et al (US Patent No. 
6,631,466) in view of Hui et al (US Pub. No. 2004/0010712) in view of Canion et al (US 
Patent No. 2002/0108059) and in view of Lee (US Patent No. 7,047,561). 

As per claim 4 , the rejection of claim 1 is incorporated and Lee teaches said header 
match packet filtering engine is configured to provide pattern matching in selected 
headers of said data and their combination from L2, L3 and L4 headers [Fig. 5]. 
Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Lee with Vairavan, Choprai Hui and Canion, since 
one would have been motivated to provide the necessary speed/security for real-time 
Internet applications [Lee, col. 2 lines 15-17]. 

As per claim 11 , the rejection of claim 10 is incorporated and it encompasses limitations 
that are similar to limitations of claim 4. Thus, it is rejected for the same reason set forth 
in the rejection of claim 4 above. 
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4. Claims 5, 6, 12 and 13 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vairavan (US Pub. No. 2002/0083344) in view of Chopra et al (US 
Patent No. 6,631,466) in view of Hui et al (US Pub. No. 2004/0010712) in view of 
Canion et al (US Patent No. 2002/0108059) and in view of Krishna et al (US Patent No. 

6,477,646). 

As per claim 5 . the rejection of claim 1 is incorporated and Vairavan discloses the 
chipset further configured to analyze access control functions [0086, 0132]. 
Vairavan doesn't expressively mention preselected bytes of the data packets. 
Krishna teaches a security chip to incorporate both encryption and authentication 
functionality in a signal chip [Fig. 2, 4]. Further, Kim teaches processing the packet 
based on preselected bytes of the data packet [col. 3 lines 64-67, col. 4 lines 1-2, col. 5 
lines 38-50]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Krishna with Vairavan, Chopra, Hui and Canion, 
since one would have been motivated to improve the performance improvement 
[Krishna, col. 2 lines 26-27]. 

As per claim 6 . the rejection of claim 5 is incorporated and Krishna teaches: 

said preselected bytes comprise the first 144 bytes of said data packet [col. 4 lines 1-2, 

col. 6 lines 28-32]. 
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As per claim 12 . the rejection of claim 9 is incorporated and it encompasses limitations 
that are similar to limitations of claim 5. Thus, it is rejected for the same reason set forth 
in the rejection of claim 5 above. 

As per claim 13 , the rejection of claim 12 is incorporated and it encompasses limitations 
that are similar to limitations of claim 6. Thus, it is rejected for the same reason set forth 
in the rejection of claim 6 above. 

5. Claims 8, 15 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Vairavan (US Pub. No. 2002/0083344) in view of Chopra et al (US Patent No. 
6,631 ,466) in view of Hui et al (US Pub. No. 2004/0010712) in view of Canion et al (US 
Patent No. 2002/0108059) and in view of Osborne et al (US Patent No. 6,687833). 

As per claim 16 , Vairavan discloses: 

filtering techniques within different firewall layers [paragraph 0086, 0087 - i.e. a firewall 
comprising multiple layers], a first layer including a header match packet filtering engine, 
a second layer including a content match packet filtering engine configured to analyze 
the scope of at least one data packet [paragraph 0074, 0086, 0088, 0137 lines 1-3]. 
Chopra teaches a header match packet filtering to provide pattern matching in selected 
headers of data [Fig. 3a, 4a, col. 4 lines 48-53, col. 7 lines 24-45]. 
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Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Chopra with Vairavan, since one would have been 
motivated to provide greater flexibility for packet filtering [Chopra, col. 1 lines 62-63]. 
Hui teaches a firewall which provides packet filtering function along with application 
proxy function (i.e. a third layer), a third layer including at lest one application proxy 
configured to provide additional pattern matching [paragraph 0220]. Further, Hui 
teaches a listening table which stores a TCP/UDP connection setup [paragraph 0070, 
0149] and to forward the setup progress to a central processing unit (CPU) for tracking 
[paragraph 0070,0084,0090,105]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Hui with Vairavan and Chopra, since one would 
have been motivated to improve speed/security for firewall and speed for VPN [Hui, 
paragraph 0009]. 

Canion teaches a fourth layer including a session match engine configured to store a 
TCP/UDP connection setup and to forward the setup progress to a central processing 
unit (CPU) for tracking [paragraph 0067, 0068,0072]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Canion with Vairavan, Chopra and Hui, since one 
would have been motivated to examine the packet for security violation to distinguish 
real requests from attack based requests [Canion, paragraph 0009]. 
Osborne teaches: defining one or more access control protocols [Fig. 3, col. 5 lines 27- 
65]; receiving a data packet [Fig. 2]; selecting a certain number of bytes of said data 
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packet; processing said selected bytes using said access control protocols [Fig. 8, 9 col. 
6 lines 60-67, col. 7 lines 6-21]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Osborne with Vairavan, Chopra, Hui and Canion, 
since one would have been motivated to provide network security system capable of 
diverting and tracking potential attacks [Osborne, col. 2 lines 12-13]. 

As per claim 8 . the rejection of claim 1 is incorporated and Vairavan teaches said 
firewall further includes access control modules [Fig. 4, 5]. 

Osborne teaches access control function comprising user-defined access control 
protocols [Fig. 2, 3]. 

As per claim 15 . the rejection of claim 9 is incorporated and it encompasses limitations 
that are similar to limitations of claim 8. Thus, it is rejected for the same reason set forth 
in the rejection of claim 8 above. 

Response to Amendment 

6. Applicant has amended claims 1, 9 and 16 which necessitated new ground of 
rejection. See rejection above. 
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Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of. time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Nirav Patel whose telephone number is 571- 

272- 5936. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 

273- 8300. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 571-272- 
2100. 

NBP 

6/1/07 
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